Changes API to use auth middleware on selected routes (#25)

* Fix bug which wipes db at each restart in development mode * Add authentication for some routes to reflect changes in webapp See DIH-154
dropsintheocean · Jul 4, 2016 · a1e80da · a1e80da
1 parent 420811a
commit a1e80da
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 10 deletions.
diff --git a/src/controllers/trip.controller.js b/src/controllers/trip.controller.js
@@ -45,12 +45,15 @@ export function list(req, res, next) {
  * @param  {Function} next Express next middleware function
  */
 export function create(req, res, next) {
-    db.Trip.create(req.body)
-        .then(savedObj => res.status(201).json(savedObj))
-        .catch(Sequelize.ValidationError, err => {
-            throw new errors.ValidationError(err);
-        })
-        .catch(next);
+    db.Trip.create({
+        ...req.body,
+        userId: req.user.id
+    })
+    .then(savedObj => res.status(201).json(savedObj))
+    .catch(Sequelize.ValidationError, err => {
+        throw new errors.ValidationError(err);
+    })
+    .catch(next);
 }
 
 /**

diff --git a/src/routes/trip.routes.js b/src/routes/trip.routes.js
@@ -1,14 +1,15 @@
 import express from 'express';
+import { authorize } from '../components/auth';
 import * as controller from '../controllers/trip.controller';
 
 const router = express.Router();
 
 router.get('/', controller.list);
 
-router.post('/', controller.create);
+router.post('/', authorize, controller.create);
 
 router.delete('/:id', controller.destroy);
 
-router.put('/:id', controller.update);
+router.put('/:id', authorize, controller.update);
 
 export default router;
diff --git a/test/api/trips.test.js b/test/api/trips.test.js
@@ -1,4 +1,4 @@
-import { loadFixtures, getAllElements } from '../helpers';
+import { loadFixtures, getAllElements, createValidJWT } from '../helpers';
 import { describe } from 'ava-spec';
 import _ from 'lodash';
 import request from 'supertest-as-promised';
@@ -36,7 +36,6 @@ describe.serial('Trip API', it => {
                 userObjects = response;
             })
             .then(() => {
-                mockTrip.userId = userObjects[1].id;
                 mockTrip.destinationId = destinationObjects[1].id;
             })
     );
@@ -148,6 +147,7 @@ describe.serial('Trip API', it => {
         const response = await request(app)
             .post(URI)
             .send(mockTrip)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .expect(201)
             .then(res => res);
         t.is(response.body.status, mockTrip.status);
@@ -158,6 +158,7 @@ describe.serial('Trip API', it => {
         delete mockWithEmptyStatus.status;
         await request(app)
             .post(URI, mockWithEmptyStatus)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .expect(400);
     });
 
@@ -166,6 +167,7 @@ describe.serial('Trip API', it => {
         delete mockWithEmptyDestination.destinationId;
         await request(app)
             .post(URI, mockWithEmptyDestination)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .expect(400);
     });
 
@@ -174,6 +176,7 @@ describe.serial('Trip API', it => {
         delete mockWithEmptyUser.userId;
         await request(app)
             .post(URI, mockWithEmptyUser)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .expect(400);
     });
 
@@ -184,6 +187,7 @@ describe.serial('Trip API', it => {
         const validRequestResponse = await request(app)
             .put(`${URI}/${fixture.id}`)
             .send(changedFixture)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .expect(204)
             .then(() => request(app).get(URI))
             .then(res => _.find(res.body, obj => obj.id === fixture.id));
@@ -196,13 +200,15 @@ describe.serial('Trip API', it => {
         invalidChangedFixture.status = 'kek';
         await request(app)
             .put(`${URI}/${fixture.id}`)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .send(invalidChangedFixture)
             .expect(400);
     });
 
     it('should return 404 when you try to update a trip that does not exist', async () => {
         await request(app)
             .put(`${URI}/${tripObjects.length + 100}`)
+            .set('Authorization', `Bearer ${createValidJWT(userObjects[1])}`)
             .send(mockTrip)
             .expect(404);
     });